Avoid symlinking to /bin when building singularity containers (or warn on clashes)

[cfhammill]

Somewhat related to #93082.

Presently when building singularity images, the contents (derivations) paths of the container are traversed, and each file found in $content-n/bin are symlinked to /bin.

https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/singularity-tools/default.nix#L80

The relevant code is:

for c in ${toString contents} ; do
  for f in $c/bin/* ; do
    if [ ! -e bin/$(basename $f) ] ; then
      ln -s $f bin/
    fi
  done
done

In the case multiple contents have the same binary the first is used and subsequent are skipped.

I think it would be preferable if we used $PATH instead of symlinking to bin. To accomplish this we could instead traverse the contents appending their paths and write that to a file in .singularity.d/env setting SINGULARITY_PREPEND_PATH in e.g. env-nix.sh. This ensures the nix $PATHs precede the default PATH.

Alternatively, if this seems like too much work for not enough gain, issuing a warning in the above for loop when an executable is masked would be advantageous for users.

@jbedo what do you think?

[jbedo]

I think this is a good idea, it's a cleaner solution. However, changing to path manipulation won't really change the masking situation, the order will still matter.

[cfhammill]

thanks @jbedo! I realize the masking issue isn't fixed by this, I probably should have separated out the two issues. I'll try to put together a PR in the next couple days.

[stale]

I marked this as stale due to inactivity. → More info

[ShamrockLee]

It is still important to me.

[jbedo]

@ShamrockLee which bit, the warning on masking or using path instead of symlinking?

[ShamrockLee]

@ShamrockLee which bit, the warning on masking or using path instead of symlinking?

Using PATH.
I'm working on a singularity version of LnL7/nix-docker
I'm trying to make it accept environment variables (including PATH) by adding .singularity.d/env/90-environment.sh. It still doesn't seem to work.
PATH is nessesary for --fakeroot to work.

[ShamrockLee]

How about constructing a ${name}.def file on-the-fly during build time and sungularity build it?

[jbedo]

I'm trying to make it accept environment variables (including PATH) by adding .singularity.d/env/90-environment.sh. It still doesn't seem to work.

Can you share your WIP so I can take a look?

[ShamrockLee]

@jbedo Here.

https://github.com/ShamrockLee/nix-singularity

The container is built with default.nix, and a modified version of singularity-tool is in srcs/singularity-tool.nix.

The remaining part is the still the same as those in nix-docker, where they were forked.

[stale]

I marked this as stale due to inactivity. → More info